1408 matches found
CVE-2011-4734
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files...
CVE-2011-4753
CVE-2011-4753 corresponds to multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0. The issue affects PHP-based input handling in domains like sitebuilder_edit.php and other files, enabling remote attackers to inject SQL commands through crafted input. The NVD and ...
DiyPage 8.3 orderby injection and code execution vulnerabilities - vulnerability warning - the black bar safety net
UPDATE: there is a large cattle say the EXP is bad so didn't want to explain please you with the time to spend a few seconds to look at the EXP code Here to fill the search keywords and the injection determination keywords As for what to look for I don't want to say too clear as long as you take...
CVE-2011-4046
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code...
Code injection
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code...
SportsPHool 1.0 - Remote File Inclusion
" ."target:" ."evil:" ."cmd:" ."" .""; if !isset$POST'submit' echo $form; else $file = fopen "test.txt", "w+"; fwrite$file, ""; fclose$file; $file = fopen $target.$evil, "r"; if !$file echo "Unable to get output.\n"; exit; echo $form; while !feof $file $line .= fgets $file, 1024.""; $tpos1 =...
MODx < 2.0.3-pl class_key Parameter Local File Inclusion
The version of MODx installed on the remote host fails to sanitize user-supplied input to the 'class_key' parameter of the 'manager/controllers/default/resource/tvs.php' script before using it to include PHP code. Using a specially crafted request, a remote, unauthenticated attacker may be able to...
NexusPHP 1.5 - SQL Injection
Exploit Title: Nexusphp.v1.5 SQL injection Vulnerability Google Dork: intitle:nexusphp Date: 2011-10-08 Author: flyh4t Software Link: http://sourceforge.net/projects/nexusphp/ Version: nexusphp.v1.5 Tested on: linux+apache CVE : CVE-2011-4026 Nexusphp is BitTorrent...
CF Image Hosting Script 1.3.82 - File Disclosure
#!/usr/bin/perl CF Image Hosting Script 1.3.82 File Disclosure Exploit Bugfounder and Exploitcoder: bd0rk Contact: www.sohcrew.school-of-hack.net eMail: bd0rkathackermail.com Affected-Software: CF Image Hosting Script 1.3.82 Vendor: http://www.phpkode.com Download:...
Vanira CMS SQL Injection
Vanira-cms Remote SQL insertion Vulnerability found by: kurdish hackers team group: kurd-team contact: [email protected] site: kurdteam.org...
OneFileCMS v1.1.1 multiple remote defect and repair - vulnerability warning - the black bar safety net
Title: OneFileCMS v.1.1.1 Multiple Remote Vulnerabilities Author: mr.pr0n @pr0n Homepage: - Download address: Test version: OneFileCMS v.1.1.1 Test platform: Linux Fedora 14 Description: OneFileCMS is just that. It's a flat, light, one file CMS Content...
OneFileCMS 1.1.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: OneFileCMS v.1.1.1 Multiple Remote Vulnerabilities Google Dork: -- Date: 21/8/2011 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ - http://s3cure.gr Software Link: http://onefilecms.com/download/onefilecmssitev1.1.1.zip Version: OneFileCMS v.1.1.1 Tested on:...
Zero-day flaw in WordPress image utility allows attackers to upload files and execute code
Mark Maunder, CEO of Seattle-based technology firm Feedjit, discovered the flaw after his own blog was hacked to load advertising content. He ended up tracing the issue back to TimThumb, which he uses on his blog...
Oracle Secure Backup Administration Server login.php uname Parameter Arbitrary Command Injection
The version of Oracle Secure Backup Administration Server running on the remote host fails to adequately sanitize user-supplied input to the 'uname' parameter of 'login.php'. The system performs some sanitization which limits exploitation of this issue, but code execution is still possible. A...
PHP 5.3.6 - Security Bypass
source: https://www.securityfocus.com/bid/48259/info PHP is prone to a security-bypass vulnerability. Successful exploits will allow an attacker to create arbitrary files from the root directory, which may aid in further attacks. PHP 5.3.6 is vulnerable; other versions...
w-Agora Forum 4.2.1 Shell Upload
<?php / Title: w-Agora Forum 4.2.1 Remote File Upload Exploit Site: http://www.w-agora.com/en/download.php Version: 4.2.1 Author: Treasure Priyamal Site: http://treasuresec.com...
Security Alert: cPanel 11.25 CSRF vulnerability to upload any PHP script!
cPanel versions below and excluding 11.25 are vulnerable to CSRF, which leads to uploading a PHP script of the attacker's liking. If you have turned off security tokens and referrer security check, no matter what version...
cPanel < 11.25 CSRF - Add User php Script
Exploit for php platform in category web applications Exploit Title: cPanel " Afterwards simply check for ninjashell.php in the directory. III. Counter-measures All cPanel versions starting from 11.25 and above have two in-built security features to prevent such attacks - security tokens and...
cPanel 11.25 - Cross-Site Request Forgery (Add User PHP Script)
Exploit Title: cPanel " Afterwards simply check for ninjashell.php in the directory. III. Counter-measures All cPanel versions starting from 11.25 and above have two in-built security features to prevent such attacks - security tokens...